Electronic information backup system

ABSTRACT

An electronic information backup system for safely back up electronic value information about electronic money and electronic ticket through communication in a server so as to exclude unauthorized actions when backup and restoring are performed and for restoring the electronic value information from the backup in case of emergency such as loss of key information. In this system, electronic value information is encrypted, the encrypted electronic value information is registered in an electronic safe server, and the user receives the registration, presents the registration to the server to receive the encrypted electronic value information, and decrypts the electronic value information with decrypting key data. The decrypting key can be kept in another server. The electronic value information and the decrypting key can be kept separately in different servers. It is possible to keep the sequence of number of the cryptogram to serve as the basic the decrypting key in the server, and to generate a decrypting key according to a decrypting key generation algorithm on the terminal side. In case of loss of the decrypting key, the possessor certificate information is verified and then the user can receive the decrypting key from the server.

REFERENCE TO RELATED APPLICATIONS

The present application is the national stage under 35 U.S.C. §371 ofinternational application PCT/JP00/05439, filed Aug. 14, 2000 whichdesignated the United States, and which application was not published inthe English language.

TECHNICAL FIELD

The present invention relates to a backup system utilizing computers andinformation communication and more specifically to a backup and recoverysystem for electronic value information such as electronic cash andelectronic ticket.

BACKGROUND ART

The technology to express and utilize money or information havingmonetary value such as electronic money or electronic ticket in theelectronic format has recently grown up as the ordinary technology.Electronically expressed value information such as electronic cash orelectronic ticket will be called later as electronic value information.

As a method of expression, an electronic value information is set on aserver installed in distant area and an owner of this electronic valueinformation has only an authentication information and makescommunication with the server at the time of application. This methodhowever has a problem that safe transaction can be realized by assuringsufficient safety in the authentication but electronic value informationcan be used only in the condition that the system may be connected tothe network and also has a problem that inquiry to the network isgenerated for each application and thereby it is difficult to adapt thismethod to the condition that requires high speed response.

Therefore, in view of utilizing the electronic value information evenunder the condition that is independent of the network, there has beenproposed a technique for holding electronic value information itself ondevices such as IC card, hand-held telephone set and hand-held terminalcarried by an owner of electronic value. However, in this case, there isa risk of losing electronic value information due to destruction andmissing of devices.

In order to realize recovery from the problem of destruction ofelectronic information including electronic value information explainedabove, several technologies have already been proposed. Examples of suchprior arts will be explained below.

In the technology disclosed in the JP-A No. H10-133925 as the firstrelated art, data can be backed up for the backup server installed atthe outside of fire wall from the inside thereof by utilizing anencrypted mail. However, in this technique, a recovery method from theencrypted data when the key is lost or broken is not considered.

In the technology disclosed in the U.S. Pat. No. 5,778,395 as the secondrelated art, files of node (computer) connected to the network arebacked up through compression and encryption to the server on the othernode. However, in this technique, recovery of data when the key is lostor broken is not considered as in the case of the first related art.

As explained above, the related arts have been intended to realizebackup and recovery of electronic information in the condition that itis concealed by encryption. However, the related explained above isaccompanied by a problem that loss or breakdown of device storingelectronic information including a key information cannot be coveredbecause it is not considered to recover the encrypted backup informationwhen the key information used for encryption is lost.

Moreover, even when a key used for decoding the encryption to cover theproblem explained above can be simply backed up, a measure for illegalaction to deteriorate reliability for backup management of key such asconspiracy by the server keeping the key and the server keeping theencrypted electronic value information must be considered.

DISCLOSURE OF THE INVENTION

An object of the present invention is to provide an electronicinformation backup system that can safely backup electronic valueinformation on a server through communication, reject illegal action atthe time of backup and recovery and recover electronic value informationfrom backup at the time of emergency such as the case where the keyinformation is lost.

According to the present invention, there is provided a system thatencrypts an electronic value information and then resisters thisinformation to an electronic value information to receive a registrationcertificate. Next, the system presents the registration certificate tothe server to receive the encrypted electronic value information in viewof decoding such encrypted electronic value information with a decodingkey that is decoded to the data. The decoding key may be kept within auser or in the server or in the other server. Moreover, it is alsopossible that the electronic value information is divided and moreoverthe decoding key is divided and these are integrally or partially keptin the same server or in individual servers separately. Moreover, it isalso possible that the stream of encryption that is the source ofdecoding key is kept in a server and thereby a terminal can regeneratethe decoding key from such stream of encryption using a decoding keygeneration algorithm. If the decoding key is lost, such decoding key canbe received from the server when inspection of the owner authenticationinformation is completed successful.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a structural diagram of an electronic information backupsystem in a first embodiment of the present invention.

FIG. 2 is a schematic diagram of an electronic value information, adigest information and a registration certificate in the firstembodiment of the present invention.

FIG. 3 is a schematic diagram illustrating a management method ofelectronic value information and registration certificate on anelectronic wallet means in the first embodiment of the presentinvention.

FIG. 4 is a schematic diagram illustrating an information storage methodin an electronic safe storage means in the first embodiment of thepresent invention.

FIG. 5 is a structural diagram of an electronic information backupsystem in a second embodiment of the present invention.

FIG. 6 is a schematic diagram of a registered electronic valueinformation and a registration certificate in the second embodiment ofthe present invention.

FIG. 7 is a schematic diagram illustrating a storage method of anencryption key and a decoding key on a key storage means in the secondembodiment of the present invention.

FIG. 8 is a schematic diagram illustrating a management method of a keyinformation on a key management storage means in the second embodimentof the present invention.

FIG. 9 is a schematic diagram illustrating an information storage methodin an electronic safe storage means in the second embodiment of thepresent invention.

FIG. 10 is a structural diagram of an electronic information backupsystem in a third embodiment of the present invention.

FIG. 11 is a structural diagram of an electronic information backupsystem in a fourth embodiment of the present invention.

FIG. 12 is a structural diagram of an electronic information backupsystem in a fifth embodiment of the present invention.

FIG. 13 is a structural diagram of an electronic information backupsystem in a sixth embodiment of the present invention.

FIG. 14 is a structural diagram of an electronic information backupsystem in a seventh embodiment.

FIG. 15 is a structural diagram of an electronic information backupsystem in an eighth embodiment of the present invention.

FIG. 16 is a structural diagram of an electronic information backupsystem in a ninth embodiment of the present invention.

FIG. 17 is a structural diagram of an electronic information backupsystem in a tenth embodiment of the present invention.

FIG. 18 is a structural diagram of an electronic information backupsystem in an eleventh embodiment of the present invention.

FIG. 19 is a schematic diagram illustrating electronic value informationgroup on the electronic wallet storage means in the eleventh embodimentof the present invention.

FIG. 20 is a schematic diagram illustrating electronic value informationgroup on the electronic wallet storage means in the eleventh embodimentof the present invention.

FIG. 21 is a structural diagram of an electronic information backupsystem in an twelfth embodiment of the present invention.

PREFERRED EMBODIMENTS OF THE INVENTION

The present invention discloses, first, that a local electronic valueinformation is registered to an electronic safe server to receive aregistration certificate thereof and such registration certificate ispresented to the electronic safe server to obtain the correspondingelectronic value information. Thereby, if the local electronic valueinformation is destroyed, such electronic value information can berecovered.

The present invention discloses, second, the local electronic valueinformation is encrypted and is then backed up on the electronic safeserver. Thereby, the electronic value information can be backed up underthe condition that it is shielded within the electronic safe server andeven if the local electronic value information is destroyed, theelectronic value information can be recovered.

Third, the present invention discloses that decoding keys for decodingthe encrypted electronic value information are backed up in differentelectronic safe servers. Thereby, the electronic value information canbe stored more safely.

Fourth, the present invention discloses that an electronic valueinformation is divided and the divided information pieces are thenbacked up in different electronic safe servers. Thereby, difficulty forillegally obtaining such decoding keys by tapping of all communicationpaths or illegal entry to all electronic safe servers during the backupoperation becomes very high. Moreover, when independency of respectiveelectronic safe servers is high, possibility for illegal recovery of thedecoding keys due to the conspiracy of the electronic safe servermanagement personnel can also be lowered.

Fifth, the present invention discloses that a plurality of electronicvalue information pieces are combined and then encrypted and therebythese encrypted information pieces are backed up in the electronic safeservers and such combined information is isolated when it is obtainedfrom the electronic safe server and is then recovered as the electronicvalue information. Thereby, difficulty for illegally obtaining suchdecoding keys by tapping of all communication paths or illegal entry toall electronic safe servers during the backup operation also becomesvery high. Moreover, when independency of respective electronic safeserver is high, possibility for illegal recovery of the decoding keys byconspiracy of the electronic safe server management personnel can alsobe lowered.

Sixth, the present invention discloses that the decoding key is dividedand one divided decoding key is backed up in one electronic safe server,while the other divided decoding key is backed up in the otherelectronic safe server. Thereby, difficulty for illegally obtaining thedecoding keys by tapping of all communication paths and illegal entry toall electronic safe servers during the backup operation also becomeshigh. Moreover, when independency of respective electronic safe serversis high, possibility for illegal recovery of the decoding keys byconspiracy of the electronic safe server management personnel can belowered.

Seventh, the present invention discloses that an original cryptographicseed information to be used for arithmetic generation of decoding keysis backed up in the electronic safe server, such cryptographic seedinformation is received from the electronic safe server at the time ofrecovery and the decoding key is generated from the cryptographic seedinformation via the decoding key generation algorithm. Thereby, safetynot only electronic value information but also for decoding key becomesextremely high.

The present invention enables, eighth, acquisition of electronic valueinformation from the electronic safe server when the owner informationis matched with the authentication information. Thereby, even if thedecoding key is lost or data cannot be extracted because terminals aredestroyed, the decoding keys can be obtained from the electronic safeservers to recover the electronic value information.

Ninth, the present invention discloses that the electronic valueinformation is selected depending on the preset backup conditions.Thereby, since the electronic value information to be backed up isselected automatically based on the preset conditions in place of manualselection by a user, a load of user can be alleviated and thereby thememory capacity of terminals and cost (time, expense) required forcommunication can also be controlled.

Tenth, the present invention discloses that since a set of electronicvalue information and decoding key is returned through communicationbetween the electronic safe servers when the owner is authenticated asthe correct information owner through the authentication in such a casethat the electronic value information and decoding key are stored indifferent safe servers for keeping the safety, the electronic valueinformation can be recovered even in the case where the decoding key islost and the data cannot be extracted because the terminals aredestroyed. Moreover, when the electronic value information is not usedimmediately, such information can be returned to the preceding conditionby encrypting the electronic value information using a new encryptionkey and then sending the encrypted information to one electronic safeserver and the other decoding key the other electronic safe server.

EMBODIMENTS

The preferred embodiments of the present invention will be explainedwith reference to the accompanying drawings. The present invention isnot limited only to these embodiments and may be modified and embodiedwithin the scope not departing from the subject matter thereof. Eachfigure will be indicated as FIG. 1, FIG. 2, . . . .

First Embodiment

The first embodiment in relation to first, second, and third aspect ofthe present invention will be explained with reference to FIG. 1, FIG.2, FIG. 3 and FIG. 4. FIG. 1 is a structural diagram illustrating anexample of the electronic information backup system explained in thisfirst embodiment. This system is assumed to be basically composed ofcomputers connected with the wired or wireless communication path,external extension devices and softwares operating on these elements.Here, a computer is the general name of the devices including a CPUoperating depending in the software programs.

In this first embodiment, an electronic wallet means 101, an electronicwallet storage means 102, an electronic information registration means106 and an electronic information recovery means 107 are comprisedwithin an IC card 501. A terminal 100 is a portable telephone terminalcomprising an IC card reader/writer and is capable of makingcommunication with the electronic information registration means 106 andelectronic information recovery means 107 formed within the IC card 501.The terminal 100 can communicate with the electronic safe means 103 asthe server through the wireless link. Moreover, the terminal 100 may bereplaced with a personal computer comprising the IC card reader or aset-top box or a portable personal computer.

Communication between the terminal 100 and electronic safe means 103 maybe executed with the wired link. It is also possible to structure thedevice having the identical function to that of the IC card 501 withinthe terminal 100.

The electronic wallet means 101, electronic information registrationmeans 106 and electronic information recovery means 107 are realizedwith the software, storage region for storing this software and OS forexecuting this software by interpreting it and CPU. Moreover, theelectronic wallet means 101 is capable of making reference to thecontent of the electronic wallet storage means 102 and also capable ofchanging the content. The electronic wallet storage means 102 can berealized with a programmable memory such as EEPROM.

An electronic value information means an electronic information such aselectronic cash, electronic ticket and electronic coupon or the like andthe registration certificate means an electronic information indicatinga duplicate of the electronic value information issued when theelectronic value information is registered to the electronic safe means103. FIG. 3 illustrates a management method of electronic valueinformation and registration certificate in the electronic walletstorage means 102. The electronic wallet means 101 places an index 851on the electronic wallet storage means 102. The index 851 summarizes thepointers for the information stored in the electronic wallet storagemeans 102, size of information and a set of the signs indicating a classof the information indicated with the pointer. Using this index 851, theelectronic wallet 101 can realize the functions explained below.

The electronic wallet means 101 obtains the pointer and size withreference to the index 851 in the electronic wallet storage means 102and can extract the electronic value information or registrationcertificate using the pointer and size acquired. The electronic walletmeans 101 obtains all pointers and sizes with reference to the index 851in the electronic wallet storage means 102; and also acquires allelectronic value information pieces and titles of the registrationcertificates using such pointers and sizes. It is also possible togenerate a list of all storage information pieces using the pointers,sizes and titles. Moreover, it is also possible to generate a list ofthe information matched with the conditions (for example, the list ofthe registration certificates and the list of information within theremaining one week until the end of effective period) by obtaining thepointers and sizes matched with the particular conditions.

Moreover, the electronic wallet means 101 writes the electronic valueinformation or registration certificate in the vacant region in theelectronic wallet storage mans 102 and adds the entry of a set of thecorresponding class, pointer and size to the index 851 in view ofstoring the electronic value information or registration certificate tothe electronic wallet storage means 102. On the contrary, the electronicvalue information or registration certificate can be deleted from theelectronic wallet storage means 102 by erasing the region indicated withthe pointer and size and then deleting the entry corresponding to thepointer and size from the index 851 with reference to the pointer andsize indicated in the index 851. Moreover, the electronic valueinformation or registration certificate information can be corrected bycombining the new registration and deletion. The process explained abovemay also be realized using the functions of the file system of theoperating system (OS) on the IC card 501.

The electronic information registration means 106 is composed of asoftware, a storage region for storing this software, an OS forinterpreting and executing this software and a CPU. This electronicinformation registration means 106 and electronic wallet means 101 canuse the OS and CPU in common. The electronic information registrationmeans 106 obtains the electronic value information from the electronicwallet means 101 and registers the registration certificate to theelectronic wallet means 101. Moreover, obtains a list of the electronicvalue information from the electronic wallet means 101.

The electronic information recovery means 107 can be composed of asoftware, a storage region for storing this software, an OS forinterpreting and executing this software and a CPU. Here, the electronicinformation recovery means 107 and electronic wallet means 101 can useOS and CPU in common. The electronic information recovery means 107acquires the registration certificate from the electronic wallet means101 and registers the electronic value recovery information to theelectronic wallet means 101. In addition, the electronic informationrecovery means 107 acquires a list of the registration certificate fromthe electronic wallet means 101.

The electronic safe means 103 is composed of a computer such as a workstation or a personal computer and a software operating on the computersystem. The electronic safe means 1103 can refer to the content of theelectronic safe storage means 110 and modifies such content. Theelectronic safe storage means 110 is a storage device having the contentto be referred or modified from the electronic safe means 103 and may berealized with a hard disc. On the electronic safe storage means 110, afile system under the management of the computer system OS isestablished.

FIG. 2( a) illustrates the electronic value information 201 as anexample of the electronic value information. When the electronic safemeans 103 accepts a registration request of the electronic valueinformation 201, it generates a registration certificate 301 using theelectronic value information 201. The flow of process to generate theregistration certificate 301 will be explained below.

The electronic safe means 103 generates a digest 302 illustrated in FIG.2( b) from the electronic value information 201 based on the setting.Moreover, the means 103 also generates the value X1 by applying theelectronic value information 201 to the uni-directional Hash function.The value Y1 is obtained with reference to a counter of the electronicsafe means 103. The counter increases one by one in the ascendingsequence and returns to 0 when the value reaches the upper limit. Thesedigest 302, Hash value X1 and counter value Y1 are set as theregistration certificate 301. Here, MD5 and SHA1 having higherdispersion property are used as the Hash function to generate the valueX1. The digest 302 may be a vacant information.

FIG. 4 illustrates a method of storing information on the electronicsafe storage means 110. The electronic safe means 103 stores theelectronic value information 201 to the electronic safe means 110 as afile 801 and the registration certificate 301 as a file 802. A pathinformation of the Hash value X1, counter value Y1 and file 801 as thestructural element of the registration certificate 301 and a pathinformation of file 802 are formed as a set and this set is thenregistered as an entry of the index file 852. The index file 852 is asingle-line CSV file for one entry and each line is sorted in theascending sequence with the counter value. When the registrationcertificate is presented to the electronic safe means 103 from theterminal 100, the electronic safe means 103 searches the entry groupwhere the electronic value information corresponding to the registrationcertificate is matched with the count value from the index file 852 inthe electronic safe storage means 110 and further squeezes such entrygroup to the entry group where the Hash value is matched and thenextracts the entry where the registration certificate is perfectlymatched. Thereby, it is now possible to search the electronic valueinformation corresponding to the registration certificate at a highspeed.

Procedures for a user 100 for backup of the electronic value information201 by manipulating a terminal 100 will be explained using each means.Operations in the following procedures are performed with user under thecondition that the IC card 501 is loaded to the terminal 100.

(1-1)

The terminal 100 requests an electronic value information list to theelectronic information registration means 106.

(1-2)

The electronic information registration means 106 requests theelectronic value information list to the electronic wallet means 101.

(1-3)

The electronic wallet mans 101 generates the electronic valueinformation list and sends it to the electronic information registrationmeans 106.

(104)

The electronic information registration means 106 sends the electronicvalue information list to the terminal 100.

(1-5)

The terminal 100 requests the electronic value information 201 selectedfrom the electronic value information list to the electronic informationregistration means 106.

(1-6)

The electronic information registration means 106 requests theelectronic value information 201 to the electronic wallet means 101.

(1-7)

The electronic wallet means 101 obtains the electronic value information201 from the electronic wallet storage means 102 and then sends it tothe electronic information registration means 106.

(1-8)

The electronic information registration means 106 sends the electronicvalue information 201 to the terminal 100.

(1-9)

The terminal 100 sends registration of the electronic value information201 to the electronic safe means 103.

(1-10)

The electronic safe means 103 stores the electronic value information201 to the electronic safe storage means 110.

(1-11)

The electronic safe means 103 sends the registration certificate 301 tothe terminal 100.

(1-12)

The terminal 100 sends the registration certificate 301 to theelectronic information registration means 106.

(1-13)

The electronic information registration means 106 requests registrationof registration certificate 301 to the electronic wallet means 101.

(1-14)

The electronic wallet means 101 respectively collates the content ofelectronic value information 201 with the digest 302 of the registrationcertificate 301 and also Hash calculation value of the electronic valueinformation 201 with the Hash value X1 of the registration certificate301 and stores, when matching is obtained, the registration certificate301 to the electronic wallet storage means 102 and then sends the endmessage to the electronic information registration means 106. Whenmatching is not obtained, the electronic wallet means 101 sends an errormessage.

(1-15)

The electronic information registration means 106 sends the end messageor error message obtained from the electronic wallet means 101 to theterminal 100.

Here, when the registration certificate 301 is stored normally in theelectronic wallet storage means 102, the electronic value information201 can be deleted from the electronic wallet storage means 102. When adevice having a smaller storage capacity like an IC card is used, thisis an effective means to effectively use the storage capacity.

Next, procedures for a user to recover the electronic value information201 corresponding to the registration certificate 301 stored in theelectronic wallet storage means 102 on the electronic wallet storagemeans 102 by manipulating the terminal 100 will be explained below.

(2-1)

The terminal 100 requests the registration certificate list to theelectronic information recovery means 107.

(2-2)

The electronic information recovery means 107 requests the registrationcertificate list to the electronic wallet means 101.

(2-3)

The electronic wallet means 101 generates the registration certificatelist and sends this list to the electronic information recovery means107.

(2-4)

The electronic information recovery means 107 sends the registrationcertificate list to the terminal 100.

(2-5)

The terminal 100 requests the registration certificate 301 selected fromthe registration certificate list to the electronic information recoverymeans 107.

(2-6)

The electronic information recovery means 107 requests the registrationcertificate 301 to the electronic wallet means 101.

(2-7)

The electronic wallet means 101 obtains the registration certificate 301from the electronic wallet storage means 102 and then sends it to theelectronic information recovery means 107.

(2-8)

The electronic information recovery means 107 sends the registrationcertificate 301 to the terminal 100.

(2-9)

The terminal 100 presents the registration certificate 301 to theelectronic safe means 103 to request acquisition of the correspondingelectronic value information.

(2-10)

The electronic safe means 103 searches and obtains the electronic valueinformation 201 using the registration certificate 301 and sends thisinformation to the terminal 100. In this case, the electronic safe means103 collates the content of the searched electronic value informationwith the registration certificate 301 and then stops, when mismatchingis obtained, the recovery process of the electronic value information201.

(2-11)

The terminal 100 sends the electronic value information 201 to theelectronic information recovery means 107.

(2-12)

The electronic information recovery means 107 requests registration ofthe electronic value information 201 to the electronic wallet means 101.

(2-13)

The electronic wallet means 101 registers the electronic valueinformation 201 to the electronic wallet storage means 102.

(2-14)

The electronic information recovery means 107 sends the end message tothe terminal 100.

As explained above, according to the electronic information backupsystem of the first embodiment, the electronic value information of usercan be backed up on the electronic safe storage means, the summary ofthe electronic value information backed up can be recognized withoutinquiry to the electronic safe means and the electronic valueinformation can be recovered on the electronic wallet storage means asrequired.

Second Embodiment

Next, the second embodiment in relation to fourth and fifth aspects ofthe present invention will be explained with reference to FIGS. 5 to 9.FIG. 5 is a structural diagram illustrating an example of the electronicinformation backup system of the second embodiment. This system replacesthe terminal 100 of the system illustrated in the first embodiment(FIG. 1) with a terminal 112, the electronic safe means 103 with anelectronic safe means 113 and the IC card 501 with an IC card 502. TheIC card 502 is formed by adding an encrypting/decoding means 105, a keystorage means 104 and a key management means 115 to the IC card 501,modifies the electronic information registration means 106 to theelectronic information registration means 120 and also modifies theelectronic information recovery means 107 to the electronic informationrecovery means 121.

The encrypting/decoding means 105 is formed comprising a software, astorage area for storing this software, an OS for interpreting andexecuting this software and a CPU. The key storage means 104 realizes aprogrammable memory such as EEPROM. Here, the encrypting/decoding means105 and the electronic wallet means 101 can use in common the OS andCPU. Moreover, the key storage means 104 and electronic wallet storagemeans 102 can use in common the EEPROM.

The key storage means 104 stores, as illustrated in FIG. 7, anencryption key 401 and a decoding key 402. In this second embodiment, apair of the encrypting key 401 and the decoding key 402 stored in thekey storage means 104 is generated with the encrypting/decoding means105. The encrypting/decoding means 105 uses the public key encryptionsystem, defining the encrypting key 401 as a public key and the decodingkey 402 as a secret key.

Here, it is also possible to use the common key encryption system as theencryption system of the encrypting/decoding means 105. In this case,the encrypting key 401 and decoding key 402 become the identical key.The key management means 115 has the function to obtain the key storedin the key management means 104, the function to register a new key tothe key storage means 104 and the function to delete the existing keysfrom the key management means 104.

The encrypting/decoding means 105 has the function to obtain theencryption key from the key storage means 104 via the key managementmeans 115 and return the encrypted electronic information attained byencrypting the input electronic information with the encryption key 401,the function to obtain the decoding key 402 from the key storage means104 via the key management means 115 and return the electronicinformation by decoding the input encrypted electronic information withthe decoding key 402 and the function to generate the encryptedinformation (electronic signature) that is obtained by encrypting theHash value for the input information using the encryption key 401.Moreover, on the contrary, such encrypting/decoding means 105 also hasthe function to inspect the electronic signature using the decoding key402. Here, the encryption key 401 and the decoding key 402 may be theencryption key of the common key encryption system that is intrinsic tothe IC card 502. Moreover, the encryption key 401 and decoding key 402respectively may be a pair of keys of the public key and secret key ofthe public key encryption system intrinsic to the IC card 502.

The electronic information registration means 120 has all functionsidentical to that of the electronic information registration means 106of the first embodiment and simultaneously has the function to generatethe registration electronic value information 203 as illustrated in FIG.6( a). The electronic information registration means 120 obtains theencryption electronic value information 202 from the electronic valueinformation 201 using the encrypting/decoding means 105, generates thedigest 302 using the information extracted from the electronic valueinformation 201 and also generates the registration electronic valueinformation 203 by combining the digest 302, encryption electronic valueinformation 202 and the signature 303 generated from the informationsummarized from the digest 302 and encryption electronic valueinformation 202 using the encrypting/decoding means 105. Moreover, suchelectronic information registration means 120 also has the function toobtain the key information from the key storage means 104 via the keymanagement means 115.

The electronic information recovery means 121 has all functionsidentical to that of the electronic information recovery means 107 andsimultaneously has the function to extract the encryption informationvalue information 202 from the registration electronic value information203 after the checking of validity of the signature 303 in theregistration electronic value information 203 using theencrypting/decoding means 105 and then decode the electronic valueinformation 201 from the encryption electronic value information 202using the encrypting/decoding means 105. Moreover, the electronicinformation recovery mean 121 has the function to register the keyinformation to the key storage means 104 via the key management mean115.

The electronic safe means 113 is modified from the software of theelectronic safe means 103 illustrated in FIG. 1 and the electronic safemeans 113 can refer to and modify the content of the electronic safestorage means 110. When the electronic safe means 113 has received therequest for registration of the registration electronic valueinformation 203, it generates the registration certificate 304illustrated in FIG. 6( b) using the registration electronic valueinformation 203. The flow of process to generate the registrationcertificate 304 will be explained below.

The electronic safe means 113 extracts the digest 302 from theregistration electronic value information 203. Moreover, it generatesthe value X2 by applying the encryption electronic value information 202to the uni-directional Hash function and also obtains the value Y2 byreferring to the counter provided in the electronic safe means 113. Thiscounter is assumed to increase one by one in the ascending sequence forevery reference and then returns to zero when the value reaches theupper limit. These digest 302, Hash value X2 and counter value Y2 areformed as a set of registration certificate 304. As the Hash functionused to generate the value X2, MD5 and SHA1 having higher dispersionproperty are used. Since the registration certificate 304 includes theinformation of digest 302, summary of the electronic value informationregistered can be detected by referring to the registration certificate304. Here, the digest 302 may be a vacant information but in this case,the summary of electronic value information cannot be detected from theregistration certificate 304.

Moreover, when the electronic safe means 113 has received theregistration request of the decoding key 402, it generates theregistration certificate 305 illustrated in FIG. 8( a). The registrationcertificate 305 is composed of the digest 305 indicating thisregistration certificate corresponds to the key information, the Hashvalue X3 generated from the decoding key 402 and the counter value Y3comprised in the electronic safe means 113. As illustrated in FIG. 8(b), the digest 306 is composed of an information class and a keyinformation indicating that the registration certificate corresponds tothe key information.

The registration certificate 304 for the electronic value information isdiscriminated from the registration certificate 305 for the keyinformation from difference between the information class included inthe registration certificate 304 for the electronic value informationand the information class included in the registration certificate 305corresponding to the key information. Thereby, when the electronic safemeans 113 stores the electronic value information and key information tothe electronic safe storage means 110, the same management method can beused for these registration certificates. FIG. 9 illustrates suchmanagement method.

The electronic safe means 113 as all functions of the electronic safemeans 103 in the first embodiment and also stores, to the electronicsafe storage means 110, the registration electronic value information203 as the file 803, the registration certificate 304 as the file 804,the decoding key 402 as the file 805 and registration certificate 305 asthe file 806, respectively. The Hash value X2 and counter value Y2 asthe structural element of registration certificate 304, the pathinformation of file 803 and the path information of file 804 arecombined as a set and this set is registered as an entry of the indexfile 853. Moreover, the Hash value X3 and counter value Y3 as thestructural element of registration certificate 305, path information offile 805 and path information of file 806 are combined as a set and thisset is registered as one entry of the index file 853. The index file 853is the single line CSV file of one entry and each line is sorted in theascending sequence with the counter value. When the registrationcertificate is presented to the electronic safe means 113 from theterminal 112, the electronic safe means 113 searches, from the indexfile 853 in the electronic safe storage means 110, an entry group wherethe electronic value information corresponding to the registrationcertificate is matched with the counter value and further squeezes theentry group where the Hash value is matched to extract the entry wherethe registration certificate is perfectly matched. Thereby, theelectronic value information corresponding to the registrationcertificate is searched at a high speed. Here, the index files for theelectronic value information and key information may be discriminated.

Next, the procedures for a user to backup the electronic valueinformation 201 through manipulation of the terminal 112 will beexplained below. The selecting operations in the following proceduresare performed with a user.

(1-1)

The terminal 112 requests the electronic value information list to theelectronic information registration means 120.

(1-2)

The electronic information registration mans 120 requests the electronicvalue information list to the electronic wallet means 101.

(1-3)

The electronic wallet means 101 generates the electronic valueinformation list and sends this list to the electronic information valueregistration means 120.

(1-4)

The electronic information registration means 120 sends the electronicvalue information list to the terminal 112.

(1-5)

The terminal 112 notifies selection of the electronic value information201 selected from the electronic value information list to theelectronic information registration means 120.

(1-6)

The electronic information registration means 120 requests theelectronic value information 201 to the electronic wallet means 101.

(1-7)

The electronic wallet means 101 acquires the electronic valueinformation 201 from the electronic wallet storage means 102 and thensends this information to the electronic information registration means120.

(1-8)

The electronic information registration means 120 acquires theencryption electronic value information 202 from the electronic valueinformation 201 using the encrypting/decoding means 105 and generatesthe registration electronic value information 203 from the electronicvalue information 201 and encryption electronic value information 202.

(1-9)

The electronic information registration means 120 sends the registrationelectronic value information 203 to the terminal 112.

(1-10)

The terminal 112 requests registration of the registration electronicvalue information 203 to the electronic safe means 113.

(1-11)

The electronic safe means 113 stores the registration electronic valueinformation 203 to the electronic safe storage means 110 andsimultaneously generates the registration certificate 304 from theregistration electronic value information 203.

(1-12)

The electronic safe means 113 sends the registration certificate 304 tothe terminal 100.

(1-13)

The terminal 112 sends the registration certificate 304 to theelectronic information registration means 120.

(1-14)

The electronic information registration means 120 requests registrationof the registration certificate 204 to the electronic wallet means 101.

(1-15)

The electronic wallet means 101 collates respectively the digestgenerated from the content of electronic value information 201 and thedigest 302 of the registration certificate 304 with the value obtainedby Hash calculation of the digest and the Hash value X2 of theregistration certificate 304 and stores, when matching is attained, theregistration certificate 304 to the electronic wallet storage means 102and then sends the end message to the electronic informationregistration means 120 or sends, when matching is not attained, an errormessage.

(1-16)

The electronic information registration means 120 sends the end messageor error message obtained from the electronic wallet means 101 to theterminal 112.

Next, the procedures for a user to recover, on the electronic walletstorage means 102 by manipulating the terminal 112, the electronic valueinformation 201 corresponding to the registration certificate 304 storedin the electronic wallet storage means 102 will be explained below.

(2-1)

The terminal 112 requests the registration certificate list to theelectronic information recovery means 121.

(2-2)

The electronic information recovery means 121 requests the registrationcertificate list to the electronic wallet means 101.

(2-3)

The electronic wallet means 101 generates the registration certificatelist and sends this list to the electronic information recovery means121.

(2-4)

The electronic information recovery means 121 sends the registrationcertificate list to the terminal 112.

(2-5)

The terminal 112 requests the registration certificate 304 selected fromthe registration certificate list to the electronic information recoverymeans 121.

(2-6)

The electronic information recovery means 121 requests the registrationcertificate 304 to the electronic wallet means 101.

(2-7)

The electronic wallet means 101 acquires the registration certificate304 from the electronic wallet means 102 and sends it to the electronicinformation recovery means 121.

(2-8)

The electronic information recovery means 121 sends the registrationcertificate 304 to the terminal 112.

(2-9)

The terminal 112 presents the registration certificate 304 to theelectronic safe means 113 and requests acquisition of the correspondingelectronic value information.

(2-10)

The electronic safe means 103 searches and acquires the registrationelectronic value information 203 using the registration certificate 304and sends it to the terminal 112. In this case, the electronic safemeans 103 collates the content of the searched electronic valueinformation with the registration certificate 304 and stops, whenmatching is not attained, the recovery process of the electronic valueinformation 201.

(2-11)

The terminal 112 sends the registration electronic value information 203to the electronic information recovery means 121.

(2-12)

When the electronic information recovery means 121 inspects andrecognizes the signature 303 of the registration electronic valueinformation 203 using the encrypting/decoding means 105, the encryptionelectronic value information 202 extracted from the registrationelectronic value information 203 is decoded using theencrypting/decoding means 105 to obtain the electronic value information201.

(2-13)

The electronic information recovery means 121 requests registration ofthe electronic value information 201 to the electronic wallet means 101.

(2-14)

The electronic wallet means 101 registers the electronic valueinformation 201 to the electronic wallet storage means 102.

(2-15)

The electronic information recovery means 121 sends the end message tothe terminal 112.

Moreover, the procedures for a user to backup the decoding key 402 bymanipulating the terminal 112 will be explained below. The selectingoperations in the following procedures are all performed with a user.

(3-1)

The terminal 112 requests the decoding key 402 to the electronicinformation registration means 120.

(3-2)

The electronic information registration means 120 requests the decodingkey 402 to the key management means 115.

(3-3)

The key management means 115 acquires the decoding key 402 from the keystorage means 104 and sends this decoding key 402 to the electronicinformation registration means 120.

(3-4)

The electronic information registration means 120 sends the decoding key402 to the terminal 112.

(3-5)

The terminal 112 requests registration of the decoding key 402 to theelectronic safe means 113.

(3-6)

The electronic safe means 113 stores the decoding key 402 to theelectronic safe storage means 110 and simultaneously generates theregistration certificate 305.

(3-7)

The electronic safe means 113 sends the registration certificate 305 tothe terminal 112.

(3-8)

The terminal 112 sends the registration certificate 305 to theelectronic information registration means 120.

(3-9)

The electronic information registration means 120 requests registrationof the registration certificate 305 to the electronic wallet means 101.

(3-10)

The electronic wallet 101 stores the registration certificate in theelectronic wallet storage means 102 and sends the end message to theelectronic information registration means 120.

(3-11)

The electronic information registration means 120 sends the end messageor error message obtained from the electronic wallet means 101 to theterminal 112.

Next, the procedures for a user to recover, on the key storage means104, the decoding key 402 corresponding to the registration certificate305 stored in the electronic wallet storage means 102 by manipulatingthe terminal 112 will be explained below.

(4-1)

The terminal 112 requests the registration certificate list to theelectronic information recovery means 121.

(4-2)

The electronic information recovery means 121 requests the registrationcertificate list to the electronic wallet means 101.

(4-3)

The electronic wallet means 101 generates the registration certificatelist and sends it to the electronic information recovery means 121.

(4-4)

The electronic information recovery means 121 sends the registrationcertificate list to the terminal 112.

(4-5)

The terminal 112 requests the registration certificate 305 selected fromthe registration certificate list to the electronic information recoverymeans 101.

(4-6)

The electronic information recovery means 121 requests the registrationcertificate 305 to the electronic wallet means 101.

(4-7)

The electronic wallet means 101 acquires the registration certificate305 from the electronic wallet storage means 102 and sends it to theelectronic information recovery means 121.

(4-8)

The electronic information recovery means 121 sends the registrationcertificate 305 to the terminal 112.

(4-9)

The terminal 112 presents the registration certificate 305 to theelectronic safe means 113 to request acquisition of the correspondingdecoding key.

(4-10)

The electronic safe means 103 searches the decoding key 402 using theregistration certificate 305 and sends it to the terminal 112.

(4-11)

The terminal 112 sends the decoding key 402 to the electronicinformation recovery means 121.

(4-12)

The electronic information recovery means 121 requests registration ofthe decoding key 402 to the key management means 115.

(4-13)

The key management means 115 registers the decoding key 402 to the keystorage means 104.

(4-14)

The electronic information recovery means 121 sends the end message tothe terminal 112.

Here, communication between the electronic information registrationmeans 120 and electronic safe means 113 may be made with the encryptedcommunication method in order to prevent tapping of the communicationpath including the terminal 112. In this case, it is impossible for theterminal 112 to detect the content of information. Moreover,communication between the electronic information recovery means 121 andthe electronic safe means 113 also may be made with the encryptedcommunication method in order to prevent tapping of the communicationpath including the terminal 112. In this case, the terminal 112 alsocannot detect the content of information of communication.

As explained above, according to the electronic information backupsystem of the second embodiment, the electronic value information can berecovered, even when the key storage means is destroyed, by encryptingthe electronic value information of the user using a secret key for theelectronic safe mans for the purpose of backup, locally detecting thesummary of the backup electronic value information, recovering theencrypted backup electronic value information as required from theelectronic safe means and then storing the decoding key in theelectronic safe means.

Third Embodiment

Next, the third embodiment in relation to a sixth aspect of the presentinvention will be explained with reference to FIG. 10. FIG. 10 is astructural diagram illustrating an example of the electronic informationbackup system of the third embodiment. This system replaces the terminal112 of the system of the second embodiment (FIG. 5) with the terminal114 and additional provides the electronic safe means 123 for makingcommunication with the terminal 114 and the electronic safe storagemeans 122 as a storage device of the electronic safe means 123. Theelectronic safe means 123 and electronic safe storage means 122 have thefunctions identical to that of the electronic safe means 113 andelectronic safe storage means 110. The terminal 114 has all functionsthat are identical to the functions of the terminal 112 andsimultaneously has the function to backup the electronic valueinformation and decoding key for the electronic safe means 123.

In the third embodiment, the registration electronic value information203 generated from the electronic value information 201 is backed up forthe electronic safe means 113 and the decoding key 402 is also backed upfor the electronic safe means 123. The backup sequence of the decodingkey 402 is identical to that of the second embodiment, except for thatthe backup destination is changed to the electronic safe means 123 fromthe electronic safe means 113. Therefore, the electronic valueinformation 201 is never decoded for the electronic safe means 113 andelectronic safe means 123, unless otherwise there is conspiracy by theelectronic safe means 113 and electronic safe means 123.

Here, the communication between the electronic information registrationmans 120 and electronic safe means 113 may be encrypted in order toprevent the tapping in the communication path including the terminal114. In this case, the terminal 114 cannot detect content of informationunder the communication. Moreover, the communication between theelectronic information recovery means 121 and electronic safe means 113may be encrypted in order to prevent the tapping in the communicationpath including the terminal 114. In this case, the terminal 114 cannotdetect content of information under the communication.

Moreover, the communication between the electronic informationregistration means 120 and electronic safe means 123 may also beencrypted in order to prevent the tapping in the communication pathincluding the terminal 114. In this case, the terminal 114 cannot detectcontent of the information under the communication. Moreover, thecommunication between the electronic information recovery means 121 andelectronic safe means 123 may also be encrypted in order to prevent thetapping in the communication path including the terminal 114. In thiscase, the terminal 114 cannot detect content of the information underthe communication.

As explained above, according to the electronic information backupsystem of the third embodiment, it is possible to make it impossible,unless otherwise there is conspiracy between two electronic safe means,to obtain the original electronic value information by backing up theelectronic value information of user to the electronic safe meansthrough the encryption using a secret key, locally detecting the summaryof the backed up electronic value information, recovering the electronicvalue information backed up through the encryption as required from theelectronic safe means and storing the decoding key to the electronicsafe means that is different from that storing the encrypted electronicvalue information.

Fourth Embodiment

Next, the fourth embodiment in relation to seventh, eighth, ninthaspects of the present invention will be explained with reference toFIG. 11. FIG. 11 is a structural diagram illustrating an example theelectronic information backup system in the fourth embodiment. Thissystem replaces the terminal 114 of the system of the third embodiment(FIG. 10) with the terminal 114 and also replaces the IC card 502 withthe IC card 503. The IC card 503 is formed by adding, to the IC card502, an electronic information dividing means 126 and an electronicinformation combining means 127, modifies the electronic informationregistration means 120 to the electronic information registration means124 and the electronic information recovery means 121 to the electronicinformation recovery means 125. The electronic information dividingmeans 126 and electronic information combining means 127 are formed of asoftware, a storage area for storing this software, an OS forinterpreting and executing this software and a CPU.

Operations of the fourth embodiment will be explained. In this case,only the part different from the second and third embodiments will beexplained because the basic operations thereof are similar to that ofthe second and third embodiments. The electronic information dividingmeans 126 divides the electronic value information to the desired numberof partial electronic information pieces to which the identifiers torecover the electronic value information to the original electronicvalue information. The electronic information combining means 127recovers the original electronic value information from such all dividedelectronic information pieces. The electronic information registrationmeans 124 acquires a plurality of partial electronic information piecesby requesting a division of the electronic value information to theelectronic information dividing means 126 and also acquires the samenumber of partial information registration certificates by registeringall partial electronic information pieces to the electronic safe means113. The electronic information recovery means 125 acquires the samenumber of partial electronic information pieces by presenting allacquired partial information registration certificates to the electronicsafe means 113 corresponding to respective partial informationregistration certificates and the electronic information combining means127 recovers the electronic value information on the electronic walletmeans 101 from all acquired partial electronic information pieces.

In the fourth embodiment, the electronic information registration means124 acquires the encryption-divided electronic information by encryptingthe division electronic information to be registered using theencrypting/decoding means 105 and also acquires the correspondingregistration certificate by registering the acquired encryption-dividedelectronic information to the electronic safe means 113, but, on thecontrary, it is also possible that the encryption-divided electronicinformation is acquired by encrypting the electronic value informationusing the encrypting/decoding means 105, the division-encryptedelectronic information is acquired from the acquired encryption-dividedelectronic information using the electronic information dividing means126 and the corresponding registration certificate is acquired byregistering the division-encrypted electronic information to theelectronic safe means 113. Moreover, as explained in the thirdembodiment, it is also possible to backup the encryption-dividedelectronic information for the electronic safe means 113 and backup thedecoding key for the electronic safe means 123.

Fifth Embodiment

Next, the fifth embodiment in relation to a tenth aspect of the presentinvention will be explained with reference to FIG. 12. FIG. 12 is astructural diagram illustrating an example of the electronic informationbackup system of the fifth embodiment. This system replaces the terminal114 of the system of the third embodiment (FIG. 10) with the terminal117 and also the IC card 502 with the IC card 504. The IC card 504 adds,to the IC card 502, an electronic information coupling means 130 and anelectronic information decoupling means 131, modifies the electronicinformation registration means. 120 to an electronic informationregistration means 128 and also the electronic information recoverymeans 121 to an electronic information recovery means 129. Theelectronic information coupling means 130 couples a plurality ofelectronic value information pieces and outputs one coupled electronicinformation. The electronic information decoupling means 131 decouplesthe coupled electronic information to a plurality of original electronicinformation pieces. The electronic information coupling means 130 andelectronic information decoupling means 131 are formed of a software, astorage area for storing this software, an OS for interpreting andexecuting this software and a CPU.

Operations of this fifth embodiment will be explained below. In thiscase, only the part different from the third embodiment will beexplained because the basic operations are identical to that of thethird embodiment. The electronic information coupling means 130generates one coupled electronic information from a set of a pluralityof electronic value information pieces, the electronic informationregistration means 128 registers this coupled electronic information tothe electronic safe means 113 and acquires the corresponding coupledelectronic information registration certificate, the electronicinformation recovery means 129 presents this coupled electronicinformation registration certificate and acquires the correspondingcoupled electronic information from the electronic safe means 113 andthe electronic information decoupling means 131 generates a set of aplurality of original electronic value information pieces from thecoupled electronic information and then recovers it on the electronicwallet means 101.

In the fifth embodiment, the electronic information registration means128 acquires the coupling-encrypted electronic information by encryptingthe coupling electronic information to be registered using theencrypting/decoding means 105 and also acquires the correspondingregistration certificate by registering the acquired coupling-encryptedelectronic information to the electronic safe means 113. However, it isalso possible to acquire, on the contrary, the encryption electronicinformation by encrypting a plurality of electronic value informationpieces using the encrypting/decoding means 105 and then obtain thecorresponding registration certificate by registering thecoupling-encrypted electronic information to the electronic safe means113 using the electronic information coupling means 130 from theacquired encryption electronic information. Moreover, as in the case ofthe third embodiment, the coupling-encrypted electronic information isbacked up for the electronic safe means 113, while the decoding key isbacked up for the electronic safe means 123.

Sixth Embodiment

Next, the sixth embodiment in relation to eleventh and twentieth aspectsof the present invention will be explained with reference to FIG. 13.FIG. 13 is a structural diagram illustrating an example of theelectronic information backup system of the sixth embodiment. Thissystem combines the fourth embodiment (FIG. 11) and fifth embodiment(FIG. 12) and uses the new terminal 118 and IC card 505. The IC card 505comprises the electronic information registration means 132 andelectronic information recovery means 133, electronic dividing means 134and electronic combining means 135, electronic information couplingmeans 136 and electronic information decoupling means 137. The otherpart is identical to the fourth and fifth embodiments.

Operations of the sixth embodiment will be explained below, butdifferences of this sixth embodiment from the fourth and sixthembodiments are that the decoding key is divided to a couple of partialkeys, one partial key is registered to one electronic safe means 113 byforming a set with the electronic value information and the otherpartial key is registered to the other electronic safe means 123. Theelectronic information dividing means 134 divides, into a plurality ofpartial keys, the decoding key information that is acquired by theelectronic information registration means 132 from the key storage means104 via the key management means 105. The encrypting/decoding means 105encrypts the electronic value information acquired by the electronicinformation registration means 132 from the electronic wallet means 101to obtain the encryption electronic information. The electronicinformation coupling means 136 couples such encryption electronicinformation and the partial key group A as a part of the divided partialkey to output the coupled electronic information. The electronicinformation registration means 132 obtains the correspondingregistration certificates by respectively registering the coupledelectronic information to the electronic safe mans 113 and the partialkey group B as the remaining partial key to the different electronicsafe means 123. The electronic information recovery means 133 presentsthese registration certificates to the corresponding electronic safemeans 113 and 123 and acquires the coupled electronic information andpartial key group B. The electronic information decoupling means 137decouples the coupled electronic information into the encryptionelectronic information and the partial key group A, the electronicinformation combining means 135 generates the decoding key by combiningthe partial key group A and partial key group B, the encrypting/decodingmeans 105 outputs the electronic value information by decoding theencryption electronic information and the electronic informationrecovery means 133 recovers the key information on the key storage means104 via the key management means 115 and also recovers the electronicvalue information on the electronic wallet means 101.

In above explanation, the electronic value information is divided intothe two partial information pieces but it may also be divided to threeor more partial information pieces. Moreover, it is also possible todeposit the divided electronic value information pieces to only oneelectronic safe means. In addition, it is not always required to depositall divided electronic value information pieces and only the requiredones may be deposited. Further, it is of course possible that theelectronic value information itself is divided into a plurality ofinformation pieces, as illustrated in FIG. 4, one divided electronicinformation is combined with one divided key information and is thenregistered to one electronic safe means 113 and the other dividedelectronic information is combined with the other divided keyinformation and is then registered to the other electronic safe means123. In addition, like the fifth embodiment, the electronic valueinformation combining a plurality of electronic value information piecesmay be used as the electronic value information.

With use of the system explained above, since the encrypted electronicvalue information cannot be decoded only by acquiring a part of thedecoding key, the key information and moreover electronic valueinformation can be safely backed up by encryption and backup of theelectronic value information of a user using a secret key for theelectronic safe means, locally detecting the summary of the backed-upelectronic value information, recovering, from the electronic safemeans, the electronic value information backed up as required throughthe encryption and by backing up one divided key to one electronic safeserver together with the electronic value information through thedivision of the decoding key and then backing up the other divided keyto the other electronic safe server.

Seventh Embodiment

Next, the seventh embodiment in relation to a thirteenth aspect of thepresent invention will be explained with reference to FIG. 14. FIG. 14is a structural diagram illustrating an example of the electronicinformation backup system of the seventh embodiment. This systemreplaces the IC card 505 of the seventh embodiment (FIG. 13) with the ICcard 506. The IC card 506 holds, for the IC card 505, the originalencryption seed information 140 that is used by the key storage means139 to mathematically generate the decoding key and the decoding keygeneration algorithm 141 to generate the decoding key from thisencryption seed information. The encrypting/decoding means 142 generatesthe decoding key by multiplying the encryption seed information 140 withthe decoding key generation algorithm 141. The encryption seedinformation 140 and decoding key generation algorithm 141 may be heldfrom the beginning to the key storage means 139 or any one may be heldand the other may be down-loaded later from the outside, or both mayalso be down-loaded from the outside. As the encryption seedinformation, the prime number or other known information may be used andthis information may also be replaced not only with the decoding key butalso with the information that is the source information tomathematically generate a pair of the encryption key and decoding key.

Operations of the seventh embodiment will be explained but since thebasic operations are identical to that of the first to sixthembodiments, only different part from these embodiments will beexplained below.

(1-1)

The terminal 118 requests acquisition of the decoding key to theencrypting/decoding means 142.

(1-2)

The encrypting/decoding means 142 refers to the key storage means 139via the key management means 138 and acquires the encryption seedinformation 140.

(1-3)

The encrypting/decoding means 142 transfers the encryption seedinformation 140 to the electronic information registration means 132.

(1-4)

The electronic information registration means 132 requests registrationof the encryption seed information 140 to the electronic safe means 123via the terminal 118.

(1-5)

The electronic safe means 123 stores the encryption seed information 140to the electronic safe means 123 and notifies end of registration bysending the encryption seed information registration certificate to theterminal 118.

(1-6)

The terminal 118 transfers the encryption seed registration certificateto the electronic information registration means 132.

(1-7)

The key management means 138 transfers the encryption seed registrationcertificate to the key storage means 139 and deletes the encryption seedinformation 140 from the key storage means 139.

(2-1)

The terminal 118 requests the electronic value information list to theelectronic wallet means 101. The electronic wallet means 101 generatesthe electronic value information list and sends it to the terminal 118.

(2-2)

The terminal 118 requests presentation of the electronic valueinformation selected from the electronic value information list to theelectronic wallet means 101. The electronic wallet means 101 acquiresthe electronic value information from the electronic wallet storagemeans 102. The encrypting/decoding means 142 generates the encryptionelectronic value information from the electronic value information andsends this information to the electronic wallet means 101. Theelectronic wallet means 101 sends the encryption electronic valueinformation to the terminal 118 via the electronic registration mans132.

(2-3)

The terminal 118 requests registration of the encryption electronicvalue information to the electronic safe means 113. The electronic safemeans 113 stores the encryption electronic value information to theelectronic safe storage means 110, generates the electronic informationregistration certificate and sends the registration certificate to theterminal 118.

(2-4)

The terminal 118 requests storage of the electronic informationregistration certificate to the electronic wallet means 101 via theelectronic information registration means 132. The electronic walletmeans 101 stores the electronic information registration certificate tothe electronic wallet storage means 102 and sends the end message to theterminal 118.

(3-1)

The terminal 118 requests the decoding key to the encrypting/decodingmeans 142 via the electronic information recovery means 133.

(3-2)

The key management means 138 extracts the encryption seed informationregistration certificate from the key storage means 139 and transfersthe certificate to the encrypting/decoding means 142.

(3-3)

The encrypting/decoding means 142 transfers the encryption seedinformation registration certificate to the electronic informationrecovery means 133 and the terminal 118 presents the encryption seedinformation registration certificate to the electronic safe means 123via the electronic information recovery means 133 to request returningof the encryption seed information.

(3-4)

The electronic safe means 123 extracts the relevant encryption seedinformation from the encryption seed information registrationcertificate from the electronic safe storage mans 122 and transfers itto the terminal 118.

(3-5)

The encrypting/decoding means 142 receives the decoding key generationalgorithm 141 from the key storage means 139 via the key managementmeans 138 and generates the decoding key by multiplying the decoding keygeneration algorithm 141 with the encryption seed information receivedvia the electronic information recovery means 133.

(3-6)

The encrypting/decoding means 142 stores the recovered decoding key tothe key management means 139 via the key management means 138.

(3-7)

The encrypting/decoding means 142 notifies, to the terminal 118, thatthe recovery of the decoding key is completed.

In the seventh embodiment, the electronic value information isregistered to the electronic safe means 113 and the encryption seedinformation is registered to the electronic safe means 123, but it isalso possible that both are registered to only one electronic safe meansto receive the respective registration certificates. Moreover, it isalso possible like the sixth embodiment that the encryption seedinformation is divided to two information pieces with the electronicdividing means 134, one is combined with the electronic valueinformation with the electronic coupling means 136 and are thenregistered to the electronic safe means 113, the other divided seedinformation is registered to the other electronic safe means 123, theelectronic value information received from the electronic safe mean 113is divided, at the time of recovery, to the electronic value informationand one seed information with the electronic decoupling means 137 andthe divided seed information and the other seed information receivedfrom the electronic safe means 123 are coupled with the electronicinformation coupling means 135 into only one seed information.

With use of the system explained above, since the information recoveryis impossible only with acquisition of the encryption seed information,the key information and moreover the electronic value information can bebacked up very safely by backing up the electronic value information ofthe user through the encryption using a secret key for the electronicsafe means, locally detecting the summary of the backed-up electronicvalue information, recovering, from the electronic safe means, theelectronic value information that is backed up through the encryption asrequired and backing up the original encryption seed information inplace of backing up the decoding key itself to decode the encryption.

Eighth Embodiment

Next, the eighth embodiment in relation to a fourteenth aspect of thepresent invention will be explained with reference to FIG. 15. FIG. 15is a structural diagram illustrating an example of the electronicinformation backup system of the eighth embodiment. This system replacesthe terminal 118 of the system of the sixth embodiment (FIG. 13) withthe terminal 119 and replaces the IC card 505 with the IC card 507. TheIC card 507 modifies the electronic information registration means 132to the electronic information registration means 143 for the IC card 505and also modifies the electronic information recovery means 133 to theelectronic information recovery means 144. The terminal 119 is connectedwith an owner information input means 145 and an owner authenticationinformation input means 146.

Operations of this eighth embodiment are explained below but since thebasic operations are identical to that of the first embodiment to sixthembodiment, only the part different from these embodiments will beexplained. The terminal 119 allows input of the intrinsic ownerinformation from the owner information input means 145 and also allowsinput of the owner authentication information corresponding to the ownerinformation from the owner authentication information input means 146.The electronic information registration means 143 registers a set of theelectronic value information and the owner authentication informationacquired from the owner authentication information input means 146. Theelectronic information recovery means 144 presents the owner informationacquired from the owner information input means 145 to the electronicsafe means 113 and obtains the electronic value information whencollation with the owner authentication information is completedsuccessfully. The owner information and owner authentication informationmay simply be compared using the same information or the valuecalculated with the unidirection function from the owner information maybe used as the owner authentication information. Moreover, a passwordmay also be used as the owner information and a finger print or a palmprint and a living body information such as iris may also be used.

With use of the system explained above, the authentication can berealized with a safe method by backing up through the encryption theelectronic value information of a user using a secret key for theelectronic safe means, locally detecting the summary of the backed-upelectronic value information, recovering, from the electronic safemeans, the electronic value information backed up through encryption asrequired, and decoding the electronic value information encryptedthrough recovery on the key storage means when the authentication issuccessful even if the decoding key for decoding the encryption is lost.

Ninth Embodiment

Next, the ninth embodiment in relation to fifteenth, sixteenth,seventeenth aspects of the present invention will be explained withreference to FIG. 16. FIG. 16 is a structural diagram illustrating anexample of the electronic information backup system of this ninthembodiment of FIG. 16. This system replaces the terminal 119 of thesystem of the eighth embodiment (FIG. 15) with the terminal 147 and thisterminal 147 is connected with an owner information input means 145, anowner authentication information storage means 148 and an ownerauthentication means 149.

Operations of the ninth embodiment will be explained below, but sincethe basic operation is similar to that of the first embodiment to sixthembodiment, only the part different from these embodiments will beexplained. The terminal 147 allows input of the intrinsic ownerinformation from the owner information input mans 145. The ownerauthentication information storage means 148 holds the ownerauthentication information corresponding to the input owner information.The owner authentication means 149 inspects legitimacy by collating theinput owner information and stored owner authentication information.When the owner is authenticated as the legitimate owner as a result ofinspection, the terminal 147 notifies it to the electronic safe means113 and this electronic safe means 113 establishes the encryptioncommunication path between the electronic information registration means143 and electronic safe means 113. The electronic informationregistration means 143 registers the electronic value information to theelectronic safe means 113 via this encryption communication path and theelectronic safe means 113 holds a set of the owner authenticationinformation corresponding to the result of authentication and theelectronic value information to the electronic safe storage means 110.Thereby, the electronic information recovery means 144 can acquire theelectronic value information corresponding to the owner authenticationinformation based on the result of authentication via the aboveencryption communication path.

Here, it is also possible that a common key that is used temporarilywith the owner information input means 145 and owner authenticationmeans 149 is generated and used in common and the owner information isencrypted using this common key and it is then transmitted to the ownerauthentication means 149. Moreover, it is also possible that the ownerinformation input means 145 encrypts the owner information with a publickey corresponding to the intrinsic secret key of the ownerauthentication means 149 and then transmits the encrypted ownerinformation to the owner authentication means 149.

Moreover, the owner information and owner authentication information cansimply be compared using the same information and the value obtained bycalculating the owner information with the unidirectional function maybe used as the owner authentication information. In addition, as theowner information, a password can be used and a finger print, a palmprint and a living information such as iris can also be used.

Tenth Embodiment

Next, the tenth embodiment in relation to eighteenth and ninetiethaspects of the present invention will be explained with reference toFIG. 17. FIG. 17 is a structural diagram illustrating an example of theelectronic information backup system of the tenth embodiment. Thissystem replaces the terminal 119 of the system of the eighth embodiment(FIG. 15) with the terminal 150 and connects an authentication deviceread means 151 to this terminal 150 and also replaces the electronicsafe means 113 with the electronic safe means 152. The authenticationdevice read means 151 is an IC card reader to read the IC card as theauthentication device. Moreover, the electronic safe means 152 isconnected with an authentication check means 154 for inspectinglegitimacy of the IC card as the authentication device based on theinformation from the authentication check information storage means 153.

Operations of this tenth embodiment will be explained below but sincethe basic operations are identical to those of the first embodiment tothe sixth embodiment, only the part different from these embodimentswill be explained. To the terminal 150, the ID information of the ICcard as the authentication card read by the authentication device readmeans 151 is inputted. The terminal 150 sends this ID information to theelectronic safe means 152. The electronic safe means 152 sends this IDinformation to the authentication check means 154 and thisauthentication check means 154 reads the corresponding ID informationfrom the authentication check information storage means 153 and verifieslegitimacy through the collation. When the owner is authenticated as thelegitimate owner as a result of verification, the electronic safe means152 sends this information to the terminal 150 to form the encryptioncommunication path between the electronic information registration means143 and electronic safe means 152 and the electronic informationregistration means 143 registers the electronic value information to theelectronic safe means 152 to this encryption communication path. Theelectronic safe means 152 holds a set of the owner authenticationinformation corresponding to the authentication result and theelectronic value information to the electronic safe storage means 110.Thereby, the electronic information recovery means 144 can acquire theelectronic value information corresponding to the owner authenticationinformation based on the authentication result via the encryptioncommunication path.

In the tenth embodiment, an IC card is used as t the authenticationdevice and an IC card reader is used as the authentication device readmeans, but it is also possible to use the memory card having thesecurity function and memory card reader.

Eleventh Embodiment

Next, the eleventh embodiment in relation to twentieth and twenty-firstaspects of the present invention will be explained with reference toFIG. 18. FIG. 18 is a structural diagram illustrating an example of theelectronic information backup system of the eleventh embodiment. Thissystem replaces the terminal 119 of the system of the eighth embodiment(FIG. 15) with the terminal 160, replaces the IC card 507 with the ICcard 508, replaces the electronic information registration means 143with an electronic registration means 155, replaces the electronicinformation recovery means 144 with an electronic information recoverymeans 156, replaces the electronic wallet means 101 with an electronicwallet means 157, moreover adds an backup condition storage means 158for holding the condition information to backup the electronic valueinformation and a backup object extracting means 159 for selecting thebackup object from the electronic wallet means 157 by interpreting thebackup condition obtained from the backup condition storage means 158and replaces the terminal 119 with a terminal 150. The electronicinformation registration means 145 obtains the correspondingregistration certificate by automatically registering the electronicvalue information of the backup object to the electronic safe means 113.Thereby the electronic value information to be backed up can be selectedautomatically based on the preset condition in place of the manualselection by user.

Operations of the eleventh embodiment will be explained below but sincethe basic operations are identical to that of the first embodiment tothe sixth embodiment, only the part different from these embodimentswill be explained. The backup condition storage means 158 holds thebackup condition information and determines the electronic valueinformation to be backed up based on such condition information. In thiseleventh embodiment, it is assumed that the backup condition informationincludes the initial setting and allows a user to generate and changethe condition information. As the backup condition information, it ispossible to use the kind and capacity of the electronic valueinformation, vacant memory capacity of the electronic wallet storagemeans 102, effective period of the electronic value information andholding start time of electronic value information, etc. and combinationof these data. Here, it is also possible to use the information otherthan that explained above as the backup condition in addition to theitems of the information in the electronic value information.

An example of the backup condition information is illustrated in FIG. 19and FIG. 20. FIG. 19 illustrates an example of an electronic valueinformation group on the electronic wallet storage means 102. Here, whenthe backup condition is adapted to a movie ticket, FIG. 20( a)illustrates the electronic value information group corresponding to thebackup condition. FIG. 20( b) illustrates the corresponding electronicvalue information group under such backup condition that the date isdefined as Mar. 15, 2000 and there is no available date within a month.

Next, the extraction procedure of the electronic value information witha backup object extraction means 159 based on such backup condition willthen be explained.

(2-1)

The backup object extraction means 159 requests the electronic valueinformation list to the electronic wallet means 157.

(2-2)

The electronic wallet means 157 refers to the electronic wallet storagemeans 102 to form the electronic value information list.

(2-3)

The electronic wallet means 157 returns the electronic value informationlist to the backup object extraction means 159.

(2-4)

The backup object extraction means 159 collates the registered backupcondition with the list and generates the backup object electronic valueinformation list.

(2-5)

The backup object extraction means 159 transfers the backup objectelectronic value information list to the electronic wallet means 157.

(2-6)

The electronic wallet means 157 acquires the electronic valueinformation group designated with the backup object electronic valueinformation list from the electronic wallet storage means 102.

(2-7)

The encrypting/decoding means 105 encrypts all electronic valueinformation pieces included in the electronic value information groupand generates the encryption electronic value information group.

(2-8)

All encryption electronic value information pieces included in theencryption electronic value information group are backed up to theelectronic safe means 113 via the terminal 160 from the electronicinformation registration means 155.

(2-9)

The electronic safe means 113 transfers the registration groupcorresponding to the encryption electronic value information group tothe electronic wallet means 157 via the electronic information recoverymeans 156 from the terminal 160.

(2-10)

The electronic wallet mans 157 stores the registration certificate groupin the electronic wallet storage means 102 and deletes all electronicvalue information pieces included in the electronic value informationgroup from the electronic wallet storage means 102.

(2-11)

The electronic wallet storage means 157 notifies the end of process tothe terminal 160.

As the timing for starting the backup object extraction means 159, forexample, the backup process may be started automatically depending onthe procedures indicated in the steps (2-1) to (2-11) by driving thebackup object extraction means 149 in every constant period. Otherwise,if the storage capacity of the electronic wallet storage means 102 isshortage when a new electronic value information is registered in theelectronic wallet storage means and when the backup electronic valueinformation is recovered, the backup object extraction means 159 canautomatically start the backup process depending on the procedureexplained above. Otherwise, when the drive is requested by user, thebackup object extraction mans 159 can automatically start the backupprocess depending on the procedure explained above. Otherwise, thebackup object extraction means 159 can automatically start the backupprocess depending on the procedure explained above through thecombination of the conditions.

Moreover, when the storage capacity of the electronic wallet storagemeans 102 is insufficient, it is allowed for a user manipulating theterminal 160 to select, after a user has executed the backup process forthe electronic value information stored in the current electronic walletstorage means 102 on the basis of the backup condition information,continuation of registration of a new electronic value information andrecovery of the backed-up electronic value information, interruption ofregistration of a new electronic value information and recovery ofbacked-up electronic value information and continuation of registrationof a new electronic value information and recovery of backed-upelectronic value information after execution of the backup process bymanual selection of the electronic value information held in the currentelectronic value storage means 102.

Twelfth Embodiment

Next, the twelfth embodiment in relation to twenty-second andtwenty-third aspects of the present invention will be explained withreference to FIG. 21. FIG. 21 is a structural diagram illustrating anexample of the electronic information backup system of the twelfthembodiment. This system replaces the terminal 114 of the system of thethird embodiment (FIG. 10) with a terminal 153, the IC card 502 with anIC card 509, the electronic information registration means 120 with anelectronic information registration means 161, the electronicinformation recovery means 121 with an electronic information recoverymeans 162 and moreover replaces the electronic safe means 113 with anelectronic safe means 164, the electronic safe means 123 with anelectronic safe means 165 and connects a couple of electronic safe means164 and 165 with the communication line. Moreover, the terminal 163connects the owner information input means 145, owner authenticationinformation storage means 148 and owner authentication means 149 of theninth embodiment (FIG. 16).

Operations of this twelfth embodiment will be explained below, but sincethe basic operations are identical to that of the third embodiment andninth embodiment, only the part different from these embodiments will beexplained. When the owner authentication for the other electronic safemeans 165 to which the decoding key is registered is completedsuccessful using the owner information input means 145, ownerauthentication information storage means 148 and owner authenticationmeans 149, this electronic safe means 165 acquires the encryptionelectronic information through the communication with the electronicsafe means 164 to which the electronic value information is registered.The terminal 163 acquires the encryption electronic information from theother electronic safe means 165 and sends this information to theelectronic information recovery means 162. The electronic informationrecovery means 162 decodes the encryption electronic value informationto recover this information on the electronic wallet means 101. On theother hand, the encrypting/decoding means 105 generates a pair of a newencryption key and decoding key, encrypts again the electronic valueinformation on the electronic wallet means 101 using this new encryptionkey. Thereby, the electronic information registration means 161 acquiresthe registration certificate by sending this new encryption electronicvalue information to the electronic safe means 164 via the terminal 163and also acquires the registration certificate by sending a new decodingkey to the other electronic safe means 165.

As explained above, when the electronic value information and decodingkey are stored in different electronic safe means for keeping securityin this twelfth embodiment, if the decoding key is lost and the terminalis destroyed, the electronic value information can be recovered sincethe electronic safe means made the communication to return a set of theelectronic value information and the decoding key to the terminal underthe condition that the owner is recognized as the legitimate informationowner through the authentication process. Moreover, in the case wherethe electronic value information is not used immediately, the electronicvalue information is encrypted using a new encryption key, thisencrypted information is sent to one electronic safe means and thedecoding key is sent to the other electronic safe means. Thereby, theoriginal condition can be recovered.

In each embodiment explained above, when the electronic informationrecovery means recovers the corresponding electronic value informationon the electronic wallet means by presenting the registrationcertificate, or when a new electronic value information is registered onthe electronic wallet means, if the sufficient capacity for recovery isnot left on the electronic wallet storage means, the recovery processcan be intermitted by presenting shortage of capacity to user.

Moreover, in each embodiment, when the electronic informationregistration means acquires the corresponding registration certificateby registering electronic value information obtained from the electronicwallet means to the electronic safe means and the registrationcertificate is registered normally to the electronic wallet means, theelectronic information registration means deletes the electronic valueinformation from the electronic wallet means. Moreover, when theelectronic information recovery means acquires the correspondingelectronic value information from the electronic-safe means bypresenting the registration certificate obtained from the electronicwallet means and successfully recovers the electronic value informationon the electronic wallet means, the electronic information recoverymeans deletes the registration certificate from the electronic walletmeans and also deletes the electronic value information from theelectronic safe means.

In addition, in each embodiment, highly efficient backup process can beexecuted by triggering the start of backup process as the referencetiming, when the portable terminal is placed on the charger, theportable terminal is not used for the specified period, the batterycapacity of portable terminal drops exceeding the predetermined level,or in every predetermined time, for example, 23 o'clock in the midnightwherein the portable terminal is not used, or when the memory capacityof the IC card drops exceeding the predetermined value, or the recoveryof the electronic value information after the available period, forexample, the electronic value information after one week in future isrequired.

Moreover, the more effective backup recovery can be realized bytriggering the start of recovery from backup process with reference tothe timing when the signal receiving condition of the portable terminalis improved, the battery capacity of the portable terminal is recoveredexceeding the predetermined level, or in every predetermined time, forexample, six o'clock in the morning where the portable terminal can beused, or when the memory capacity of the IC card is recovered exceedingthe predetermined value, or the available time limit of the electronicvalue information, for example, when the electronic value informationwhich is available from the tomorrow is recovered today.

In addition, the read operation with a computer becomes possible byrealizing the control program of the electronic wallet means, electronicsafe means, electronic information registration means, electronicinformation recovery means or the like with the software and recordingthis software to a storage medium such as a magnetic disc,magneto-optical disc, ROM, DVROM or the like.

1. An IC card comprising: electronic wallet unit for management ofelectronic value information; electronic wallet storage unit that is theintrinsic storage area of the electronic wallet unit; electronicinformation registration unit registering said electronic valueinformation to an electronic safe unit connected through a network andacquiring a registration certificate from the electronic safe unit;electronic information recovery unit for acquiring said electronic valueinformation by presenting said registration certificate to saidelectronic safe unit; electronic information dividing unit for dividingsaid electronic value information to the desired number of partialelectronic information pieces to which an identifier for recovering saidelectronic value information to the original electronic valueinformation is respectively added; and an electronic informationcombining unit for recovering said electronic value information fromsaid divided electronic information pieces, a key storage unit forstoring a set of an encryption key for encrypting said electronic valueinformation and a decoding key for decoding the encrypted electronicvalue information; and an encrypting/decoding unit for executing theencryption of said electronic value information using the encryption keyand also executing the decoding using said decoding key, wherein saidelectronic registration unit acquires a plurality of partial electronicinformation pieces by requesting division of said electronic valueinformation to said electronic information dividing unit and alsoacquires respective partial information registration certificates byregistering the entire part or a part of said partial electronicinformation to the electronic safe unit, said electronic informationrecovery unit acquires respective corresponding partial electronicinformation pieces by presenting the entire part or a part of saidpartial information registration certificates to the electronic safeunit that has issued the respective partial information registrationcertificates, and said electronic information combining unit recoverssaid electronic value information from said obtained partial electronicinformation pieces.
 2. The IC card according to claim 1, comprising:wherein said electronic information registration unit registers theencryption electronic value information obtaining by encrypting theelectronic value information obtained from said electronic walled unitwith said encrypting/decoding unit to said electronic safe unit in orderto obtain the encryption electronic value information registrationcertificate, and said electronic information recovery unit obtains thecorresponding encryption electronic value information by presenting saidencryption electronic value information registration certificate to saidelectronic safe unit and also obtains said electronic value informationdecoded with said encrypting/decoding unit and then recovers suchinformation on said electronic safe unit.
 3. The IC card according toclaim 2, wherein said electronic information registration unit acquiresa key registration certificate by obtaining a key information from saidkey storage unit and registering this information to said electronicsafe unit, and said electronic information recovery unit acquires thecorresponding key information by presenting said key registrationcertificate to said electronic safe unit and then recovering saidobtained key information on said key storage unit.
 4. The IC cardaccording to claim 2, wherein a decoding key for decoding said encryptedelectronic value information is registered to another electronic safeunit different from said electronic safe unit to acquire the keyregistration certificate and said electronic information recovery unitacquires the corresponding key information by presenting said keyregistration certificate to said another electronic safe unit and thenrecovering said obtained key information to said key storage unit. 5.The IC card according to claim 2, wherein said electronic informationregistration unit acquires a plurality of encryption-divided electronicinformation by respectively encrypting, with the encrypting/decodingunit a plurality of divided electronic information pieces divided withthe electronic information dividing unit and also acquires thecorresponding registration certificates by registering, to theelectronic safe unit, the entire part or a part of a plurality ofobtained encryption-divided electronic information pieces.
 6. The ICcard according to claim 2, wherein said electronic informationregistration unit acquires an encryption electronic information byencrypting the electronic value information with saidencrypting/decoding unit, also acquires a plurality ofdivision-encrypted electronic information using said electronicinformation dividing unit from said acquired encryption electronicinformation and also acquires the corresponding registration certificateby registering the entire part or a part of a plurality of saiddivision-encrypted electronic information pieces to the electronic safeunit.
 7. The IC card according to claim 1, comprising: an electronicinformation coupling unit for coupling a plurality of electronic valueinformation pieces to output one coupled electronic information; and anelectronic decoupling unit for dividing said coupled electronicinformation to a plurality of original electronic information pieces,wherein said electronic information coupling unit generates the coupledelectronic information from a set of a plurality of electronic valueinformation pieces, said electronic information registration unitacquires the corresponding coupled electronic information registrationcertificate by registering said coupled electronic information to saidelectronic safe unit, said electronic information recovery unit acquiresthe corresponding coupled electronic information from the electronicsafe unit by presenting said coupled electronic information registrationcertificate, and said electronic information de-coupling unit acquires aset of a plurality of said electronic value information pieces from saidcoupled electronic information.
 8. The IC card according to claim 7,wherein said electronic information dividing unit divides the keyinformation obtained by said electronic information registration unitfrom said key storage unit into a plurality of partial keys, saidencrypting/decoding unit acquires the encryption of electronicinformation by encrypting the electronic value information obtained bysaid electronic information registration unit from said electronicwallet unit, said electronic information coupling unit acquires thecoupled electronic information from said encryption electronicinformation and the partial key group A as part of said partial key,said electronic information registration unit acquires the correspondingregistration certificate by registering said coupled electronicinformation and the partial key group B as the remaining partial key todifferent electronic safe unit respectively, said electronic informationrecovery unit acquires said coupled electronic information from saidpartial key group B by presenting said registration certificate to thecorresponding electronic safe unit, said electronic informationde-coupling unit isolates said coupled electronic information to saidencryption electronic information and said partial group A, saidelectronic information combining unit combines said partial key group Aand said partial key group A to generate a key information, saidencryption/decoding unit decodes said encryption electronic informationand acquires said electronic value information, and said electronicinformation recovery unit acquires said key information to recover thisinformation on said key storage unit and also recovers said electronicvalue information on the electronic wallet unit.
 9. The IC cardaccording to claim 8, wherein said electronic information dividing unitsets the partial key obtained by dividing the key information as anoriginal information to generate a pair of keys of the encryption keyand the decoding key.
 10. The IC card according to claim 2, comprisingan original encryption seed information used to generate the decodingkey and a decoding key generation algorithm to generate the decoding keyfrom said encryption seed information, wherein said electronicinformation registering unit acquires the corresponding encryption seedinformation registration certificate by registering said encryption seedinformation to said electronic safe unit, said electronic informationrecovery unit acquires the corresponding encryption seed informationfrom said electronic safe unit by presenting said encryption seedinformation registration certificate, said encrypting/decoding unitgenerates the decoding key by multiplying said encryption seedinformation with said decoding key generation algorithm and saidelectronic information recovery unit decodes said electronic valueinformation obtained by said electronic information recovery unit usingsaid decoding key.
 11. A terminal device connectable with the IC cardspecified in claim 1, wherein the terminal device receives an intrinsicowner information from an owner information input unit connected withthe terminal device, the terminal device receives an ownerauthentication information corresponding to the owner from an ownerauthentication information input unit connected with the terminaldevice, the terminal device sends an owner authentication information toan electronic information registration unit being an element of the ICcard, and then the electronic information registration unit can registera set of electronic value information and the owner authenticationinformation to an electronic safe unit connected with a network, theterminal device sends the owner information to an electronic informationrecovery unit being an element of the IC card, and then the electronicinformation recovery unit can acquire said electronic value informationwhen collation with said owner authentication information is completedsuccessfully by presenting the owner information obtained from saidowner information input unit to said electronic safe unit.
 12. Theterminal device according to claim 11, wherein the terminal device isconnected with an owner authentication information storage unit forholding the owner authentication information corresponding to said ownerinformation and an owner authentication unit for inspecting legitimacyby comparing said owner information with said owner authenticationinformation and, when the terminal device notifies an authenticationresult obtained by the owner authentication unit to the electronic safeunit, the electronic safe unit forms an encryption communication pathbetween said electronic information registration unit and the electronicsafe unit.
 13. The terminal device according to claim 12, wherein saidowner information input unit and owner authentication unit generate acommon key to use temporarily and hold in common, and said ownerinformation input unit encrypts the owner information with said commonkey to send the encrypted owner information to the owner authenticationunit.
 14. The terminal device according to claim 12, wherein said ownerinformation input unit encrypts the owner information with the publickey corresponding to an intrinsic secret key of the owner authenticationunit and said owner information input unit sends the encrypted ownerinformation to the owner authentication unit.
 15. The IC card accordingto claim 1, comprising a backup condition storage unit for storing thecondition information for backup of the electronic value information anda backup object extraction unit for selecting the backup object fromsaid electronic wallet unit by interpreting the backup conditionobtained from said backup condition storage unit, wherein saidelectronic information registration unit acquires the correspondingregistration certificate by automatically registering said electronicvalue information of backup object to said electronic safe unit.
 16. TheIC card according to claim 15, wherein if sufficient capacity is notleft on the electronic wallet storage unit when the electronicinformation recovery unit presents the registration certificate torecover the corresponding electronic value information on the electronicwallet unit or to register a new electronic value information on theelectronic wallet unit, the electronic information registration unitacquires the corresponding registration certificate by selecting theelectronic value information of the backup object from said electronicwallet unit using said backup object extraction unit and thenregistering such information to said electronic wallet safe unit, avacant capacity is expanded by deleting said electronic valueinformation as the backup object from electronic wallet storage unit,and when the sufficient vacant capacity is reserved, the electronicinformation is recovered on said electronic wallet unit or a newelectronic value information is registered.
 17. The IC card according toclaim 4, wherein when the owner authentication to the another electronicsafe unit registering said decoding key is completed successfully, saidanother electronic safe unit acquires the encryption electronicinformation through the communication with the electronic safe unithaving registered the electronic value information other than saiddecoding key, and said electronic information recovery unit acquiressaid encrypted electronic value information from the another electronicsafe unit and then recovers such electronic value information on saidelectronic wallet unit.
 18. The IC card according to claim 4, whereinwhen owner authentication to the another electronic safe unitregistering said decoding key is completed successfully, said anotherelectronic safe unit acquires the encryption electronic information bymaking communication with the electronic safe unit registering theelectronic value information other than said decoding key, saidelectronic information recovery unit acquires said encrypted electronicvalue information from said another electronic safe unit to recover suchinformation on said electronic wallet unit, said encrypting/decodingunit generates a pair of new encryption key and decoding key, and saidelectronic value information is encrypted using said new encryption keyand said new encryption key is sent to said another electronic safeunit.
 19. The IC card according to claim 1, wherein if sufficientcapacity for information recovery is not remained on the electronicwallet unit when said electronic information recovery unit presents theregistration certificate to recover the corresponding electronic valueinformation on the electronic wallet unit or registers a new electronicvalue information on the electronic wallet unit, the recovery job issuspended.
 20. The IC card according to claim 1, wherein when saidelectronic information unit acquires the corresponding registrationcertificate by registering the electronic value information obtainedfrom said electronic wallet unit to said electronic safe unit and saidregistration certificate is normally registered to said electronicwallet unit, said electronic information registration unit deletes saidelectronic value information from said electronic wallet unit.
 21. TheIC card according to claim 1, wherein when said electronic informationrecovery unit acquires the corresponding electronic value informationfrom said electronic safe unit by presenting the registrationcertificate obtained from said electronic wallet unit and saidelectronic value information is normally recovered on the electronicwallet unit, said electronic information recovery unit deletes saidregistration certificate from said electronic wallet unit and alsodeletes said electronic value information from said electronic safeunit.